Internet Draft M. Elvey Document: draft-ietf-sieve-refuse-reject-01 The Elvey Partnership, LLC Expires: September 2006 A. Melnikov Isode Ltd March 2006 The SIEVE mail filtering language - reject and refuse extensions draft-ietf-sieve-refuse-reject Status of this Memo By submitting this Internet-Draft, each author represents that any applicable patent or other IPR claims of which he or she is aware have been or will be disclosed, and any of which he or she becomes aware will be disclosed, in accordance with Section 6 of BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html. A revised version of this draft document will be submitted to the RFC editor as a Proposed Standard for the Internet Community. Discussion and suggestions for improvement are requested. Distribution of this draft is unlimited. Abstract This memo defines the SIEVE mail filtering language (RFC <<3028bis>>) "reject" extension. A Joe-job is a spam run forged to appear as though it came from an innocent party, who is then generally flooded by the bounces, Message Disposition Notifications (MDNs) and messages with complaints. The original Sieve "reject" action defined in RFC 3028 required use of MDNs for rejecting messages, thus contributing to the flood of Joe-job spam to victims of Joe-jobs. This document updates definition of "reject" to allow for rejecting messages during the SMTP transaction. Table of Contents 1. Introduction 3 2. Conventions Used in this Document 3 3. SIEVE "reject" extension 4 3.1 Action reject 4 3.2 "reject" compatibility with other actions 7 4. Security Considerations 7 5. IANA Considerations 7 5.1 reject extension registration 7 5.2 refuse extension registration 8 6. References 8 6.1 Normative References 8 6.2 Informative References 8 7. Acknowledgments 8 8. Author's Addresses 9 9. Intellectual Property Rights Statement 9 10. Full Copyright Statement 10 11. Changes from RFC 3028 10 12. Change Log 10 1. Introduction The SIEVE mail filtering language [SIEVE] "reject" action defined in RFC 3028 only allows users to refuse delivery of a message by sending an [MDN]. This document updates definition of the "reject" action to permit users to handle unwanted email in a way that is sometimes preferable to the existing 'discard' and the original 'reject' capabilities. When a spam-detection system suspects a message is spam, but isn't certain, discarding the email is considered too risky for some users, for example, those who receive sales leads by email. They are willing to use the reject command. Users are willing to reject but not discard because the sender of an email incorrectly marked as spam will receive a notification that the email was refused, and will likely try again to contact the intended recipient, perhaps via another method of communication. Unfortunately, this usage is problematic, because in the usual case, the email is indeed spam, and the alleged sender to whom the MDN caused by the reject will be sent will often be an innocent Joe- job victim. The updated "reject" is less likely to result in email to an innocent victim, because it allows to refuse to accept an email for delivery instead of accepting it and then sending an MDN. Much spam is sent through open proxies, so SMTP level refusal reduces Joe-job bounces (AKA backscatter) resulting from usage of MDNs. The updated "reject" will also reduce Joe-jobs caused by virus self-propagation via emails with false sender information. SMTP level refusal may conserve bandwidth, by reducing the number of MDNs sent. Further discussion highlighting the risks of generating MDNs and the benefits of protocol level refusal can be found in [Joe-DoS]. 2. Conventions Used in this Document Conventions for notations are as in [SIEVE] section 1.1, including use of [KEYWORDS]. This document does not attempt to define what exactly constitutes a spam or virus containing email or how it should be identified, or what actions should be taken when detected. 3. SIEVE "reject" extension SIEVE implementations that implement the "reject" action must use the "reject" capability string. 3.1 Action reject Usage: reject <reason: string> The "reject" action cancels the implicit keep and refuses delivery of a message. How message is refused depends on capabilities of mail component (MUA, MDA or MTA) executing the Sieve script. The Sieve interpreter must do one of the following actions, as detailed by the following priority table (items listed earlier take precedence). Note that if action can not be taken or fails, the interpreter should try the next item in the list: 1. If message return-path (MAIL FROM) is empty the message MAY be accepted and discarded. 2. If a "reject" implementation performs a return-path verification and it clearly indicates that the message has a forged return-path, the implementation need not refuse mail delivery, but rather MAY accept and discard it. 3. Message delivery is refused by sending 5XX response code over SMTP/LMTP. See section 3.1.1 for more details. 4. Message delivery is refused by sending a non delivery report (DSN). See section 3.1.2 for more details. 5. Message delivery is refused by sending a message disposition notification report (MDN). See section 3.1.3 for more details. 3.1.1 Rejecting message at SMTP/LMTP protocol level Sieve engines that are able to reject messages at SMTP/LMTP level SHOULD use 550 response code. Note that it is not always possible to do that, for example if the message is arriving over SMTP and has multiple recipients, some of which have accepted the message. See section 3.1.2 for recommendations on how to reject message in such case. <<Open issue: do we want to allow for non-ascii text below and do we need a way to control "reject with DSN containing non-ascii text" versa "replace non-ascii characters with ?">> Note that SMTP [SMTP] doesn't allow for non-ASCII characters in SMTP response text. It is an error for non-ASCII characters to appear in the "reason" string (unless the client and the server use an SMTP extension that allows for transmission of non-ASCII reply text). If the "reason" string is multiline, than the reason text MUST be returned as a multiline SMTP/LMTP response, per [SMTP], section 4.2.1. Any line MUST NOT exceed the SMTP limit on the maximal line length. To make the reason string conform to any such limits the server MAY insert CRLFs and turn the response into multiline response. In the following script (which assumes support for the spamtest and fileinto extensions), messages that test highly positive for spam are refused. Example: require ["reject", "spamtest", "comparator-i;ascii-numeric", "fileinto"] if spamtest :value "ge" :comparator "i;ascii-numeric" "6" { refuse text: AntiSpam engine thinks your message is spam. It is therefore being refused. Please call 1-900-PAY-US if you want to reach us. . ; } elsif spamtest :value "ge" :comparator "i;ascii-numeric" "4" { fileinto "Suspect"; } The following excerpt from an SMTP session shows it in action. ... C: DATA S: 354 Send message, ending in CRLF.CRLF. ... C: . S: 550-AntiSpam engine thinks your message is spam. S: 550-It is therefore being refused. S: 550 Please call 1-900-PAY-US if you want to reach us. If the SMTP/LMTP server supports RFC 2034 [ENHANCED-CODES] it MUST prepend an appropriate Enhanced Error Code to the "reason" text. Enhanced Error code 5.7.1 or a more generic 5.7.0 are RECOMMENDED. With Enhanced Error Code the response to DATA command in the SMTP example below will look like: S: 550-5.7.1 AntiSpam engine thinks your message is spam. S: 550-5.7.1 It is therefore being refused. S: 550 5.7.1 Please call 1-900-PAY-US if you want to reach us. if the server selected "5.7.1" as appropriate. 3.1.2 Rejecting message by sending DSN If the implementation receives a message via SMTP that has more than one RCPT TO that has been accepted by the server, and at least one but not all of them are refusing delivery (whether the refusal is caused by execution of a Sieve "reject" or for another reason). In this case, the server MUST accept the message and generate DSNs for all recipients that are refusing it. Note that this exception does not apply to LMTP, as LMTP is able to reject messages on a per- recipient basis. 3.1.3 Rejecting message by sending MDN When Sieve engine is running inside MUA it has no ability to reject the message before it was delivered, as the message is already deliverd. In this case the client should send a Message Disposition Notification [MDN] back to the sender. It resends the message to the sender as specified in the Return-Path header field, wrapping it in a "reject" form, noting that it was rejected by the recipient. In the following script, a message is rejected and returned to the sender. Example: require ["reject"] if header :contains "from" "coyote@desert.example.org" { reject text: I am not taking mail from you, and I don't want your birdseed, either!" . ; } A reject message MUST take the form of a failure MDN as specified by [MDN]. The human-readable portion of the message, the first component of the MDN, contains the human readable message describing the error, and it SHOULD contain additional text alerting the original sender that mail was refused by a filter. This part of the MDN might appear as follows: ------------------------------------------------------------ The message was refused by the recipient's mail filtering program. The reason given was as follows: I am not taking mail from you, and I don't want your birdseed, either! ------------------------------------------------------------ The MDN action-value field as defined in the MDN specification MUST be "deleted" and MUST have the MDN-sent-automatically and automatic- action modes set. 3.2 "reject" compatibility with other actions A "reject" action cancels the implicit keep. Implementations MUST prohibit the execution of more than one reject in a SIEVE script. "Reject" is also incompatible with the "vacation" [VACATION] extensions. Any action that would modify the message body will not have effect on the body of any message refused by "reject" using the 550 SMTP response code <<and might not have any effect on context of generated DSN/MDNs>>. Implementations SHOULD prohibit reject when used with other actions. 4. Security Considerations The "reject" extension does not raise any security considerations that are not present in the base [SIEVE] protocol, and these issues are discussed in [SIEVE]. <<Mail loops>> The Introduction section talks about why rejecting messages before delivery is better then accepting and bouncing them. 5. IANA Considerations The following section provides the IANA registrations for the Sieve extensions specified in this document: 5.1 reject extension registration IANA is requested to update the registration for the SIEVE "reject" extension to point to this document. IANA is also requested to update Tim Showalter's email address to be tjs@psaux.com 5.2 refuse extension registration IANA is requested to remove registration of the refuse extension. 6. References 6.1 Normative References [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, March 1997. [SIEVE] Showalter, T. and P. Guenther, "Sieve: An Email Filtering Language", Work-in-progress, draft-ietf-sieve-3028bis-XX.txt [SMTP] Klensin, J. (Editor), "Simple Mail Transfer Protocol", AT&T Laboratories, RFC 2821, April 2001. [LMTP] Myers, J., "Local Mail Transfer Protocol", Carnegie-Mellon University, RFC 2033, October 1996. [DSN] Moore , K., Vaudreuil, G., "An Extensible Message Format for Delivery Status Notifications", University of Tennessee, Lucent Technologies, RFC 3464, January 2003. [MDN] Fajman, R., "An Extensible Message Format for Message Disposition Notifications", National Institutes of Health, RFC 2298, March 1998. [ENHANCED-CODES] Freed, N., "SMTP Service Extension for Returning Enhanced Error Codes", Innosoft, RFC 2034, October 1996. 6.2 Informative References [Joe-DoS] Stefan Frei, Ivo Silvestri, Gunter Ollmann, "Mail Non Delivery Message DDoS Attacks", 5 April 2004", <http://www.techzoom.net/paper-mailbomb.asp>. [SPAMTEST] Daboo, C., "SIEVE Email Filtering: Spamtest and Virustest Extensions", work in progress, draft-ietf-sieve- spamtestbis-XX.txt <<Note that this reference can be safely replaced with RFC 3685.>> 7. Acknowledgments Thanks to Ned Freed, Cyrus Daboo, Arnt Gulbrandsen, Kristin Hubner, Mark E. Mallett, Philip Guenther and Michael Haardt for comments and corrections. The authors gratefully acknowledge the extensive work of Tim Showalter as the author of the RFC 3028, which originally defined "reject". 8. Author's Addresses Matthew Elvey The Elvey Partnership, LLC 3042 Sacramento-ietf St Ste 04 San Francisco, CA U.S.A. Email: sieve3@matthew.elvey.com Alexey Melnikov Isode Limited 5 Castle Business Village 36 Station Road Hampton, Middlesex, TW12 2BX UK Email: Alexey.Melnikov@isode.com 9. Intellectual Property Rights Statement The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79. Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr. The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf- ipr@ietf.org. 10. Full Copyright Statement Copyright (C) The Internet Society (2006). This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights. This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Acknowledgement Funding for the RFC Editor function is currently provided by the Internet Society. 11. Changes from RFC 3028 Clarified that the "reject" action cancels the implicit keep. Extended list of allowable actions on reject to include protocol level message rejection and generation of DSNs. 12. Change Log <<Note that this section will be deleted before publication.>> 00 First formal draft. 01 Explicit RFC 2034 support, disallow "refuse" in MUAs, typos corrected, clarifications, etc. 02 Many insubstantial editorial changes (mostly rewording text for readability). Added text regarding non-ASCII characters in the refuse "reason" string. Added an exception allowing return-path forgery to justify discarding a message. 03 (Renamed to be SIEVE WG 00) - Updated boilerplate, added reject action from the base spec, acknowledged Tim as the author of "reject". 04 (SIEVE WG 01) Based on WGLC feedback, the refuse and the reject actions were merged into a single action called reject. Text reorganized as the result. Typos and examples corrected. Updated IANA registration and Security Considerations sections.
Datatracker
Report a datatracker bug
draft-ietf-sieve-refuse-reject-01
Internet-Draft
| Document | Document type |
This is an older version of an Internet-Draft that was ultimately published as RFC 5429.
Expired & archived
|
|
|---|---|---|---|
| Select version | |||
| Compare versions | |||
| Author | |||
| RFC stream |
|
||
| Other formats | |||
| Additional resources | Mailing list discussion |